Windows 2003 exploits

Hello all,

I am currently taking part in a university coursework where we have a network lab which is shut off from the rest of the world, in which we all have Windows 2003 servers (running an HTTP server, FTP server and SSH) which we have all attempted to lock down, and now have a couple of weeks to see if we can exploit anybody else's servers. I have attempted to use some of the 2003 exploits but to no avail.

What appears to be the most likely successful attack is one of the browser exploits, as users often go to a webpage on our server. I tried a few and went to the webpage where the exploit is to test it, and I got the random characters in the webpage, and Metasploit said it was trying to send the exploit, but it was trying to do it to the default gateway rather than the machine connected with the browser.

Anyway - just wondering if anyone knew what I could do to make that work, or if they have any ideas of exploits that may work. Ports people have open are: 80, 21, 22. Some also have all or some of 445, 139, 135.

The problem is, since we have no way of knowing if you are telling the truth, most of the people on this forum will probably hesitate to help you. It may shock you to know that people often misrepresent themselves on the internet in order to facilitate malicious behavior.

It's amazing how all these 'assignments' are to infiltrate a Windows box, but never a Linux box. Do you find that odd as well?

A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

And the even weirder part is that I am a college student with networking and security as my major in my third year, and I have yet to get an "assignment" like this. All of my school work includes learning programming, learning about TCP/IP standards and protocols, structured cabling and securing Cisco systems. Not one of these classes or any other has just offered me up a box and said "Okay, try to exploit this", so I rarely believe the story. Now I have done some interesting "hacks" for school stuff, but only when we were allowed to choose a project in a wide field to present on, like my router project. It seems to me anyway that all these people in "penetration testing" school had better learn how to be network admins if they want a job, because the field of penetration testing is not huge. Although it sounds glamorous to gallivant all around the world hacking people, the more realistic approach in my humble opinion would be to use the fact that you were experienced in pen testing as a selling point when applying for a network admin job, which could effectively save the company money by not having to hire an outside source.

Ok, I shall attempt to help you believe me: (sorry about the way I have written the links - I have not got enough posts to submit them apparently)

I am a student at the University of Nottingham (England)
I am a third year student taking a module G53SEC: winster.nottingham.ac.uk/modulecatalogue/asp/moduledetails.asp?crs_id=018176&year_id=000107

This is the module website: cs.nott.ac.uk/~jqf/G53SEC/
and the coursework description: cs.nott.ac.uk/~jqf/G53SEC/G53SEC_Coursework.pdf

There are in fact some Linux servers, as some people have chosen to reinstall as Linux boxes, but the majority are Windows. Any advice you can give for exploits on CentOS and Ubuntu would also be appreciated!

Which leads me into my next point. If in fact you are telling the truth, then we should not be spoonfeeding you an exploit. The purpose of school is to learn how to do the hardest and most boring part of penetration testing, which is recon. In my short time in the field I have learned that the actual execution of the exploit is only a wee tiny part, which falls at the end of a day or maybe weeks of prep work.

I am not sure why you feel the need to be as frosty as you are being. Maybe for you picking up and understanding security was easy; fine, I have no problem with that, but when people are just asking for a bit of help it seems to me to be a little rude to be so frosty, especially when they have gone to some effort to try and back up their claims.

Simply, all I am asking is whether there are any areas which you may think would be a good test for the servers - I appreciate people not wishing to just let anyone know of exploits, as indeed you are right about people misrepresenting themselves on the internet. A bit of common courtesy would go a long way though.

I am a student at the University of Nottingham located within the ASAP group. Currently I am undertaking a PhD in Computer Security and Artificial Immune Systems under the supervision of Dr. Uwe Aickelin.

My research topic is biologically inspired Computer Security. In particular I am interested in the application of novel immunological ideas to anomaly detection.

I am not sure why you feel the need to be as frosty as you are being. Maybe for you picking up and understanding security was easy; fine, I have no problem with that, but when people are just asking for a bit of help it seems to me to be a little rude to be so frosty,

How was he rude? He specifically provided links to information you should put to use. How horrible of him.

especially when they have gone to some effort to try and back up their claims.

Wow, wanna see me set up a site that says I'm the king of the world? I'll even print a PDF and include it for you.

Yes, we have no reason not to believe you (well, actually we do, based on history etc., but we'll ignore that fact for now); even more important is the FACT that we have no reason to believe you.

Simply all i am asking for if there are any areas which you may think would be a good test for the servers -

Yes there are areas which I think would be a good test for the servers.

I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

Frosty, huh! Well, you haven't even documented what you have tried. As far as I'm concerned this is the same old social engineering I get every day. I would be happy to help you with a specific question.

Example of a specific question: Hi kind sirs, I have determined that my target is running Windows Server 2003 with FTP, SSH and HTTP enabled. I have tried this, this and this, and for some reason they are all failing. I have researched the error messages and come up with this, this and this. Do you all have anything to add?

Tip of the day: Metasploit exploits are generally proof of concept. Most of the time a vulnerability has been patched by the time it makes it into Metasploit's database. You should check some sites like milw0rm for more up-to-date exploits.
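The recon step the last two posts insist on (establish what is actually listening on 80, 21, 22 and the Microsoft ports 135, 139, 445 before reaching for an exploit, and have something concrete to write down when asking for help), as an added example that is not from the thread or any poster: a small Python banner grabber using only the standard library. Server-first services such as FTP and SSH announce themselves on connect, HTTP answers only after a request, and the Microsoft ports accept a connection and say nothing, so the scanner reads first, nudges with an HTTP request if the peer is silent, and reports what it got. The services it scans in scan_demo() are constructed local stand-ins so the example runs offline; point scan() at a lab host you are authorized to test to use it for real.

```python
"""Minimal TCP banner grabber for the ports listed in the thread.

Added example, not code from the thread. The fake services started by
scan_demo() are constructed stand-ins so the module runs offline.
"""
import socket
import threading

# Sent only when the server stays silent after connect (client-first protocols).
HTTP_PROBE = b"HEAD / HTTP/1.0\r\nHost: target\r\n\r\n"


def grab(host, port, timeout=1.0):
    """Return (state, banner): state is 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        return "closed", ""
    except OSError:                      # timeout or unreachable: treat as filtered
        return "filtered", ""
    data = b""
    try:
        data = s.recv(1024)              # FTP and SSH speak first
    except OSError:
        pass
    if not data:                         # nothing volunteered: nudge with HTTP
        try:
            s.sendall(HTTP_PROBE)
            data = s.recv(1024)
        except OSError:
            data = b""
    s.close()
    return "open", data.decode("latin-1").strip()


def classify(port, banner):
    """Name the service from its banner; explain silence on the Windows ports."""
    if banner.startswith("SSH-"):
        return "ssh"
    if banner.startswith("220"):         # 220 greeting: FTP on 21 (SMTP uses it too)
        return "ftp"
    if banner.startswith("HTTP/"):
        hdrs = [h.split(":", 1)[1].strip() for h in banner.splitlines()
                if h.lower().startswith("server:")]
        return "http " + hdrs[0] if hdrs else "http"
    if port in (135, 139, 445):
        return "msrpc/smb? (silent; needs a protocol-aware probe)"
    return "unknown (no banner)"


def scan(host, ports):
    """Return {port: (state, service, banner)}; service is '' unless open."""
    result = {}
    for port in ports:
        state, banner = grab(host, port)
        result[port] = (state, classify(port, banner) if state == "open" else "", banner)
    return result


def _fake_server(response, wait_for_request=False):
    """Constructed stand-in for one service on 127.0.0.1 (ephemeral port).
    Serves a single connection; returns the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        if wait_for_request:
            conn.recv(1024)
        conn.sendall(response)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def scan_demo():
    """Scan constructed local services; returns {label: (state, service, banner)}."""
    targets = {
        "ftp": _fake_server(b"220 Microsoft FTP Service\r\n"),
        "ssh": _fake_server(b"SSH-2.0-OpenSSH_4.7\r\n"),
        "http": _fake_server(b"HTTP/1.0 200 OK\r\nServer: Microsoft-IIS/6.0\r\n\r\n",
                             wait_for_request=True),
        "silent": _fake_server(b"", wait_for_request=True),
    }
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # grab a port, then free it
    tmp.bind(("127.0.0.1", 0))
    targets["closed"] = tmp.getsockname()[1]
    tmp.close()
    return {label: scan("127.0.0.1", [port])[port] for label, port in targets.items()}


if __name__ == "__main__":
    for label, (state, service, banner) in scan_demo().items():
        print(f"{label:7s} {state:8s} {service:45s} {banner!r}")
```

The banner is evidence, not proof: a Server header can be rewritten and an FTP greeting edited, and on 135/139/445 a bare connect tells you only that something answers, which is why the silent case is reported as a question rather than a finding.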